Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thenewsletterplugin newsletter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4772
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Thenewsletterplugin Newsletter
NA
CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions before 7.6.9 allows a remote unauthenticated malicious user to inject an arbitrary script.
Thenewsletterplugin Newsletter
3.5
CVSSv2
CVE-2022-1889
The Newsletter WordPress plugin prior to 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
Thenewsletterplugin Newsletter
4.3
CVSSv2
CVE-2022-1756
The Newsletter WordPress plugin prior to 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected...
Thenewsletterplugin Newsletter
3.5
CVSSv2
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin prior to 6.8.2 for WordPress allows remote malicious users to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-en...
Thenewsletterplugin Newsletter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started